From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Alexis" Subject: Re: DNAT problem Date: Sat, 29 May 2004 12:36:37 -0300 Sender: netfilter-admin@lists.netfilter.org Message-ID: <000701c44592$bb254460$0200000a@heretic> References: <20040529172536.6df75cca.leslie.polzer@gmx.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii" To: netfilter i think it could be - that the isp (if you're connecting to one isp trough ppp0) has a filter for port 80 (it seems strange) are you mangling some packets? what is the output for iptables -t mangle -L? ----- Original Message ----- From: "Patrick Leslie Polzer" To: Sent: Saturday, May 29, 2004 12:25 PM Subject: DNAT problem > > Hello again, > > a DNAT problem is coming up. > My firewall setup (simplified for testing) is currently as follows: > > > ### ### > > ##### FILTER table ##### > # policies > $ipt -P FORWARD ACCEPT > $ipt -P INPUT ACCEPT > $ipt -P OUTPUT ACCEPT > > $ipt -F > $ipt -F FORWARD > $ipt -F INPUT > $ipt -F OUTPUT > > > ##### NAT table ##### > # flush chains > $ipt -t nat -F PREROUTING > $ipt -t nat -F POSTROUTING > $ipt -t nat -F OUTPUT > > # masquerading on ppp0 and vortex > $ipt -t nat -A POSTROUTING -o ppp0 -j MASQUERADE > $ipt -t nat -A POSTROUTING -o vortex -j MASQUERADE > > # dnat > $ipt -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.35.191:80 > > ### ### > > > The last line is working with > > --dport 8080 > > but isn't with > > --dport 80 > > What's going on there? > > > Kind regards, > > Leslie > >